overview document for sso

docs/admin/SSO.md

@@ -0,0 +1,25 @@
+---
+title: InvenTree Single Sign On
+---
+
+## Single Sign On
+
+InvenTree provides the possibility to use 3rd party services to authenticate users. This functionality makes use of [django-allauth](https://django-allauth.readthedocs.io/en/latest/) and supports a wide array of OpenID and OAuth [provider](https://django-allauth.readthedocs.io/en/latest/providers.html).
+
+### Configuration
+
+To use SSO you have to:
+1. Enable the needed providers in the [config file](../start/config.md#Single-Sign-on).
+1. Add the required client configurations in the `SocialApp` app in the [admin interface](../admin/admin.md).
+1. Enable SSO for the users in the [dynamic settings](../admin/settings.md).
+
+### Security Consideration
+
+You should use SSL for your website if you want to use this feature. Also set your callback-endpoints to `https://` addresses to reduce the risk of leaking user's tokens.
+
+Tokens for authenticating the users to the providers they registered with are saved in the database.  
+So ensure your database is protected and not open to the internet.  
+Make sure all users with admin privileges have sufficient passwords - they can read out your client configurations with providers and all auth-tokens from users.
+
+Never share your installs secret key!
+

mkdocs.yml

@@ -97,6 +97,7 @@ nav:
     - Admin Interface: admin/admin.md
     - Settings: admin/settings.md
     - User Permissions: admin/permissions.md
+    - Single Sign on: admin/SSO.md
     - Export Data: admin/export.md
     - Import Data: admin/import.md
     - Python Shell: admin/shell.md